WhiteSource, the leader in open source security and license compliance management, announced today the integration of its open source security solution with Fortify Software Security Center (SSC), the leading application security testing solution, providing users with full visibility and control over their software security risks.
WhiteSource's integration with Fortify SSC allows customers to view and monitor their open source security vulnerabilities from within their Fortify SSC application, enabling them to improve security management throughout the software development lifecycle with a comprehensive view of their software vulnerabilities in both their proprietary and open source code.
Open source usage is standard practice in today's software development ecosystem. While organizations' products are a combination of open source and proprietary code, application security tools like Static Analysis Security Testing (SAST) used for proprietary code cannot detect open source components with known vulnerabilities. Only Software Composition Analysis (SCA) tools can detect vulnerable open source components in real-time and provide remediation suggestions according to the impact on a product's security.
The combination of SAST, DAST, and Software Composition Analysis (SCA) tools will offer companies unprecedented visibility into their software code, both proprietary and open source components, in order to detect all vulnerabilities in their products and address all their application security issues.
"It's important to us that WhiteSource customers have all the tools that they need to easily manage their application security," said Rami Sass, WhiteSource CEO. "Our new integration with Micro Focus Fortify provides WhiteSource customers with a 360° view of their application security issues, helping them seamlessly evaluate, prioritize and remediate open source vulnerabilities alongside their other application security testing processes."